topic Re: HTTPS Traffic Not Returning Via IPSec Tunnels in General Topics

HTTPS Traffic Not Returning Via IPSec Tunnels

coltsfanatic07 — Wed, 20 Sep 2023 14:13:11 GMT

I have a customer who is using PAN appliances and we have a valid IPSec tunnel to a cloud provider. Traffic is fine for SSH and ICMP traffic in both directions. However, when we send HTTPS traffic across the tunnel the firewall logs suggest no bytes received and nothing past the SYN going out (we see no ACK etc.). From the client perspective it results in a timeout obviously.

To troubleshoot, we setup another IPSEC tunnel from another cloud network to confirm that the remote side of the tunnel was not preventing return traffic. Down to using the same subnets etc with no changes made to the remote side.

Seems to me that means there has to be a configuration issue of some sort on the PAN side. Any advice as to what I could check?

Re: HTTPS Traffic Not Returning Via IPSec Tunnels

coltsfanatic07 — Wed, 20 Sep 2023 14:21:44 GMT

Maybe one additional relevant piece of information, is the https traffic is ultimately a public ip address. So the intent is a specific CIDR is going across the tunnel and then being routed to the appropriate service on the remote side, but returning back through the tunnel.

Again, we have verified the remote side works as intended via a cloud to cloud VPN connection.

Re: HTTPS Traffic Not Returning Via IPSec Tunnels

coltsfanatic07 — Fri, 22 Sep 2023 18:45:34 GMT

We worked with an engineer today, and again, I don't know anything about PAN software, but we had to setup the Proxy IDs. Once we setup Proxy IDs for the remote side, everything starting working.